Presentations and More from David A. Wheeler

Below are some of the presentations that I plan to give or have given, in reverse chronological order. I also include some selected posts, articles, papers, and books that I wrote or where I'm quoted; I originally didn't do that, but including them turns out to be convenient. Dates are in ISO 8601 date format (YYYY-MM-DD).

Generally I talk about security / software assurance, free-libre / open source software (FLOSS or OSS/FS), open standards, software innovations, various specialized areas of computer technology, or some combination. I post many of my presentations on my website. I'm available for a few speaking engagements each year; I limit the number of trips away from the Washington, DC area, but I do travel if it's important/interesting. Contact me if you'd like me to speak at your event.

Date/TimeTopicOrganization/Sponsor, Location, Notes
2021-11-17 Interview with David A. Wheeler Open Source Security Podcast
2021-11-16 Panel 2: Enhancing Software and Technology Supply Chain Security NICE Symposium: A Coordinated Approach to Supply Chain Risks
2021-11-09..10 OpenSSF CII Best Practices Badge Open Source Experience 2021, Paris, France; they're expecting 200 speakers, 70 exhibitors, and 4500 attendees
2021-10-14 "Linux Foundation Security Executive Order (EO)" by David A. Wheeler & Kate Stewart Wind River Learning Session
2021-10-11 (Program committee member) SupplyChainSecurityCon North America, Los Angeles, California + Virtual, hosted by Cloud Native Computing Foundation (CNCF) and the Continuous Delivery Foundation (CDF)
2021-09-29 Keynote speaker (image Open Source Summit + Embedded Linux Conference + OSPOCon, Seattle, Washington
2021-09-29 .. 10-01 (Program committee member) Linux Security Summit (LSS) North America, Seattle, Washington + Virtual
2021-09-28 Episode 262: Interview [with David A. Wheeler] Roaring elephant (podcast), recorded 2021-09-08
2021-09-15 Panelist in Technical Requirements for Software Cybersecurity Labels NIST Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software
2021-08-18 Supply Chain Cybersecurity (Keynote presentation) Building Cybersecurity into the Software Supply Chain Town Hall Virtual Event; see the video playlist
2021-08-17 Cybersecurity Labeling Programs for Consumers of IoT Devices and Software Linux Foundation's response to the US NIST Workshop and Call for Papers on Cybersecurity Labeling Programs for Consumers: Internet of Things (IoT) Devices and Software
2021-08-17 Quoted in BlackBerry resisted announcing major flaw in software powering cars, hospital equipment Politico (Cybersecurity area)
2021-08-10 Funded open source security work at the Linux Foundation Linux Foundation blog (post). Quoted in "Get paid to improve Linux and open-source security" by Steven J. Vaughan-Nichols (ZDNet) and "Receive money to improve Linux security and open source software" by Team Security (Bollyinside)
2021-08-09 Post-Approval LF Security Funding (typical LF oversight process) Linux Foundation (LF)
2021-08-04 Open Source Software & Supply Chain Security Open Source Days, hosted by the Academy Software Foundation
2021-07-29 Open Source Software & Supply Chain Security (David A. Wheeler and Kay Williams) Enduring Security Framework (ESF) Software Supply Chain Working Panel
2021-07-24 (recorded) Software Bills of Material (SBOMs), Kate Stewart and David A. Wheeler The Federal Drive with Tom Temin, Federal News Network
2021-07-20 Developing secure open source software (OSS) - recording & slides available Linux Foundation Live (Virtual) Mentoring series
2021-06-30 Is Open Source Ready For Biden’s Executive Order For Cybersecurity? Video interview with Swapnil "Swap" Bhartiya, TFiR (recorded 2021-06-08)
2021-06-08 Lead author of LF position papers on criteria for critical software (#1), best practices (#2), the use of critical software (#3), testing (#4), and integrity chains (#5). Linux Foundation's response to the Call for Position Papers on Standards and Guidelines for Enhancing Software Supply Chain Security (per 2021 US Executive Order on Cybersecurity)
2021-06-02 Panel 1: Criteria for Designating Critical Software (speaker and panelist) Enhancing Software Supply Chain Security: Workshop and Call for Position Papers on Standards and Guidelines (see their Software Supply Chain: Executive Order site
2021-05-27 Securing the Software Supply Chain (panel) Software Delivery Leadership Forum
2021-05-26 Software Bill of Materials and uncovering threats in the software supply chain Stuart Phillips, Interos | Kate Stewart, Linux Foundation | David A. Wheeler, Linux Foundation BrighTALK
2021-05-20 Securing the Development & Supply Chain of Open Source Software (OSS) QCon Plus 2021, May 17-28, 2021
2021-05-18 Critical Update: Do You Know What’s In Your Software? Nextgov (quoted in article)
2021-05-14 How Linux Foundation (LF) communityies enable security measures required by the US Executive Order on Cybersecurity Linux Foundation blog (post)
2021-05-11 Keynote « Open Source Supply Chain Security » Cyber 4 Open Source webinar, La Securite des Logiciels Open Source (The security of open source software)
2021-05-06 "How NOT to do research on an open source community..." by Greg Kroah-Hartman and David A. Wheeler Discussion, cited by LWN
2021-05-04 Securing Open Source (Keynote) Cloud Native Security Day
2021-05-03 OpenSSF Town Hall (esp. "In the News") Open Source Security (OpenSSF) Town Hall
2021-04-27 Open Source Supply Chain Risk Management NASA’s Information Communication Technology (ICT) Supply Chain Risk Management (SCRM) Service
2021-04-12 Fuzzing TechStrong TV Video Interview hosted by Charlene O'Hanlon with David A. Wheeler, Asra Ali, and Oliver Chang. See also Developers are buzzing on fuzzing. Recorded 2021-03-29.
2021-04-09 (recorded) US Government & software supply chain security Nextgov, interviewed by Staff Correspondent Mariam Baksh, Government Executive Media Group
2021-03-26 (recorded) Open Source Security with Dr. David A. Wheeler, episode 91 The Secure Developer Podcast (Guy Podjarny, Snyk) - via DevSecCon
2021-03-25 "Why Won’t Developers Always Just Write Secure Open Source Software?" by Frank Nagle and David A. Wheeler US NITRD CSIA
2021-03-03 "Securing Software Supply Chains" hosted by Derek Weeks, interviewing Brian Fox (Co-founder/CTO Sonatype), David A. Wheeler (Linux Foundation), and Trey Herr (Atlantic Council) Sonatype
2021-03-03 2-4pm ET "Why Won’t Developers Always Just Write Secure Open Source Software?" by Frank Nagle and David A. Wheeler US Information Security and Privacy Advisory Board (ISPAB)
2021-02-26 (recorded) Kim Lewandowski + David Wheeler + John Speed (panel discussion, esp. on Typosquatting, hosted by Charlene O'Hanlon) TechStrong TV
2021-02-23 EXCLUSIVE INTERVIEW: Lessons Learned From the SolarWinds Supply Chain Hack by Jack M. Germain LinuxInsider
2021-02-22 OpenSSF Town Hall (co-presenter) Open Source Security Foundation (OpenSSF)
2021-02-09 David Wheeler + Kim Lewandowski + Santiago Torres-Arias (panel discussion into open source supply chain security, hosted by Charlene O'Hanlon) TechStrong TV
2021-01-26 Episode #212: Security Requires Thinking (His Monkey, His Circus) Dave & Gunnar Show (audio podcast) (see all my visits there)
2021-01-22 "David A. Wheeler - Security Lessons From a Rapidly Evolving Open Source Ecosystem" (audio podcast) The Balancing Act by Security Compass
2021-01-20 Supply-Chain Security: A 10-Point Audit (by Derek Weeks and David A. Wheeler) (video live webcast) (announcement) threatpost
2021-01-13 Preventing Supply Chain Attacks like SolarWinds Linux Foundation blog
2020-12-16 Linux Foundation: Improving Open Source Software Security FLOSS Weekly podcast #609
2020-08-06 Episode #202: Linux Foundations (interview with David A. Wheeler) Dave & Gunnar Show (audio podcast)
2020-07-24 Managing Risks and Opportunities in Open Source with Frank Nagle & David A. Wheeler CHAOSS Podcast
2020-04 Initial Analysis of Underhanded Source Code IDA Document D-13166
2019-10-12 CII Best Practices Badge Update FLOSS Weekly podcast #550
2019-09 A Partial Survey on AI Technologies Applicable to Automated Source Code Generation IDA NS D-10790
2019-06-02 Metamath: A Computer Language for Mathematical Proofs by Norman Megill and David A. Wheeler Book, published by Lulu Press. You can get it nearly everywhere (e.g., via Amazon), but getting it directly from Lulu is cheaper.
2019-03-20 Railroader (a security static analysis tool for Rails) FLOSS Weekly podcast #522
2019-03-12..14 CII Best Practices Badge Project in 2019 Open Source Leadership Summit (a Linux Foundation event), Ritz Carlton Half Moon Bay, Half Moon Bay, California
2018-12 A Sample Security Assurance Case Pattern IDA paper P-9278. Note: E. Kenneth Hong Fong was the project leader but not an author.
2018-11-05..06 Approaches to Cyber-Resilience through Language System Design (working title) High Integrity Language Technology (HILT) International Workshop on Cyber-Security Interaction with High Integrity, Boston, Massachusetts. Organized by the Association for Computing Machinery (ACM) SigAda special interest group.
2018-07 Securely Using Software Assurance (SwA) Tools in the Software DevelopmentEnvironmen, David A. Wheeler and Daniel J. Reddy IDA Document P-9166. Note: E. Kenneth Hong Fong was project leader but not a co-author.
2018-06-27 If it works, it's legacy: analysis of legacy code Sound Static Analysis for Security, NIST, Gaithersburg, MD
2018-05-23 Open Source Software & the US Department of Defense Platform Security Summit, May 23-24, 2018, Fairfax, VA
2018-05-01 Secure Software Education & Training: Some thoughts Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). May 1-2, 2018, MITRE, McLean, VA
2018-03-15 Software Assurance & Software Data Rights: Starting a Discussion Software Assurance (SwA) Community of Practice (COP), MITRE, McLean, VA
2018-01-31 Current and future DoD policies on open source software DoD Software Development and Release conference, US Army Engineer Research and Development Center, Mississippi
2017-09-14 CII Badge Project: 1.5 years later Linux Security Summit 2017, Los Angeles, California
2017-08 The Software Assurance State-of-the-Art Resource (SOAR) [summary] IDA NS D-8462. This is a summary. For the document see State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation 2016 including its Appendix E.
2017-06-14 The State of Open Source Software (OSS) in the US Federal Government 2017 Open Source Summit: Succeeding with the New Federal Open Source Policy, Open Source Electronic Health Record Alliance (OSEHRA)
2017-10-31 Core Infrastructure Initiative (CII) Open Source Software Census II Strategy by David A. Wheeler and Jason N. Dossett IDA Document D-8777. Note: at the time we determined there were at least 3.26 million significant OSS projects (the number is explained in the paper).
2016-05-10 Episode #113: Badge of Open Source Honor Dave & Gunnar Show (audio podcast) (see all my visits there)
2016-10-20 Open Source Software Practices & Principles for Cybersecurity Technology Transition Open Source Automotive Cybersecurity Research Tools Forum, Cambridge, MA
2016-10-04 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge Software and Supply Chain Assurance (SSCA) Forum, Co-sponsored by the U.S. Department of Homeland Security (DHS), Department of Defense (DoD), National Institute of Standards and Technology (NIST), and the General Services Administration (GSA). October 3-5, 2016
2016-09-21 Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge (keynote) OW2 Conference 2016, Paris, France
2016-11 State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation 2016 including Appendix E by David A. Wheeler and Amy E. Henninger. IDA Paper P-8005
2016-08-09 Metamath Proof Explorer (MPE): A Modern Principia Mathematica Youtube video
2016-06-28 Core Infrastructure Initiative (CII) Best-Practices Badge Criteria IDA NS D-8054
2016-05-24 Best Practices Badge FLOSS Weekly podcast #389
2016-03-31 Census and Badging Linux Foundation Collaboration Summit, Resort at Squaw Creek, Lake Tahoe, CA
2015-10-24 Using an Open Source Software Approach for Cybersecurity Technology Transition IDA Paper P-5279
2015-10-23 Open Source Software OpenHatch at Mason, George Mason University (GMU), Fairfax, VA. (Organized with the Mason Student-Run Computing and GMU GNU/Linux User Group). OpenHatch itself is a "non-profit dedicated to matching prospective free software contributors with communities, tools, and education".
2015-06-30 Software SOAR Information Assurance Symposium (IAS), Washington Convention Center, Washington DC
2015-06-23 Preventing Heartbleed and other topics Linux Foundation (LF) Core Infrastructure Initiative (CII)
2015-06-19 Open Source Software Projects Needing Security Investments by David A. Wheeler and Samir Khakimov IDA Document D-5459 (aka "Census I")
2015-04-22, 08:00 Countering Development Environment Attacks RSA Conference (USA 2015), San Francisco, CA (along with Dan Reddy)
2015-02-19 Software SOAR Boeing BMA
2014-08 Preventing Heartbleed by David A. Wheeler (article) IEEE Computer, Volume 47, Issue 8. August 2014. pp. 80-83.
2014-06-24 Preventing Heartbleed. Content Understanding Forum: Industry's Promising Practices Institute for Defense Analyses (IDA). Note: Jeff Hawkins (founder of Numenta) also presented; there have been some amazing advances in our understanding of the brain.
2014-06-10 David A. Wheeler on the Current State of Application Security (audio no longer available) Interview by Trusted Software Alliance
2014-05-20 Episode #51: A Visit with the Doctor Dave & Gunnar Show (audio podcast)
2014-02-25, 18:30-21:00 (Interview of me) "US government accelerating development and release of open source" by Mark Bohannon
2014-02-25, 18:30-21:00 Open Source Software and Government American Society for Quality, Washington, DC and Maryland Metro section 509, Software SIG meeting, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
2013-12-18 Software (security) state-of-the-art resource (SOAR) Software and Supply Chain Assurance (SSCA) Work Group, MITRE-1, 7525 Colshire Dr, McLean, VA 22102
2013-12-03 Software (security) state-of-the-art resource (SOAR) SINET 2013 at National Press Club, Washington, DC
2013-11-07 Cyber Attack Attribution Techniques National Defense Industrial Association (NDIA), Cyber division meeting
2013-11-06 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2013-09-19 Homeland Open Security Technology (HOST). Software and Supply Chain Assurance forum (SSCA), Mclean, VA; hosted by DoD and DHS. I was standing in for Daniel Massey, the HOST Program Manager.
2013-09-17 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU) PAX River, California, MD, 20619
2013-09-16 Open source software panel Department of Homeland Security (DHS) S+T PI Meeting
2013-09-10 Open Source and Security Government Innovators Virtual Summit, GovLoop
2013-09-06 Open source software and security [Electrical] Grid Open Source Software Alliance (GOSSA), National Rural Electric Cooperative Association, Arlington, VA
2013-09-04, 1330-1415 Open source software and intellectual property (IP) management Open Source Electronic Health Record (EHR) Summit & Workshop, Bethesda, Maryland; sponsored by the Open Source Electronic Health Record Agent (OSEHRA)
2013-09 Parallel Compilation on Virtual Machines in a Development Cloud Environment IDA Document D-4996
2013-08-14 Keynote presentation: How to Open Source in Government Drupal4Gov 2013, Washington, DC
2013-08-13 What is Open Security? IDA NS D-4993
2013-08 Case Study: OpenSSL 2012 Validation IDA Document D-4991
2013-05-22 Running Open Source Software projects Open Source Software for the Smart Grid Workshop, Houston, TX
2013-05-09, 0900-1200 (EDT) Open source software “Open Source License Clinic” Hosted by the non-profit Open Source Initiative (OSI). Library of Congress, 101 Independence Ave SE, Madison Building, 6th Floor, Dining Room A, Washington, DC 20540.
2013-03-04 "Open Source Software, Government, and Cyber Security" (presentation) Association for Computing Machinery (ACM), Washington, DC Chapter. 1203 19th St, 3rd Floor, Washington, DC.
2013-01-14 Open Source Software in Government Challenges and Opportunities (and) OpenSSL 2012 FIPS 140-2 Validation #1747 Case Study DHS Industry Day 2013, Maritime Institute Conference Center, Linthicum, Maryland
2012-10-23 Innovation panel (with Christopher Dale, Matt Micene, and Michael Tiemann) [picture] [picture] [article] Red Hat Government Symposium, Washington, DC
2012-10-18 Security and Open Source Software Open Cybersecurity Summit, Schafer Conference Center, Washington, DC
2012-10-17 Open Source Software and the U.S. Department of Defense Open Source Electronic Health Record Agent (OSEHRA), Gaylord Convention Center, National Harbor, Maryland
2012-10-15..16 Navigating Laws & Regulations on OSS; OSS in Government: Challenges & Opportunities Military Open Source Software (MIL-OSS) Working Group 4 (WG4), Arlington, Virginia
2012-09-20 Homeland Open Security Technologies (HOST): Leveraging Open Source Software in Support of National Cyber Security Objectives Software Assurance (SwA) forum (sponsored by the Department of Defense (DoD) and Department of Homeland Security (DHS)), McLean, VA
2012-08-29 Countering Vulnerable/Obsolete Software Libraries Diminishing Manufacturing Sources and Material Shortages (DMSMS) & Standardization 2012, New Orleans, LA (Cancelled due to hurricane)
2012-07-31 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2012-07-17 5 Questions with David A. Wheeler by Melanie Chernoff
2012-06-21 Releasing software or software changes developed with federal government funding - deciphering contracts/laws so you can build your community Open Source Summit 2012 (hosted by NASA, the Veteran Affairs Innovation Initiative (VAi2), and the State Department), University of Maryland, College Park, MD.
2012-06-19 Software Assurance (SwA), Supply Chain Risk Management (SCRM), and Open Source Software Defense Acquisition University (DAU), Ft. Belvoir, VA.
2012-06-07 Lessons Learned: Roadblocks and Opportunities for Open Source Software (OSS) in U.S. Government (GovLoop) GovLoop (Webinar) [FierceGovernment coverage]
2012-05-30 OSS Licensing; Challenges and Opportunities OSSI Industry Day, JHU APL, 11100 John Hopkins Road, Laurel, MD (starts 7:30am)
2012-05-16 Receipt of the "Outstanding Adjunct Faculty Award" for my work teaching the graduate course "Secure Software Design and Programming" (SWE 781/ISA 681). George Mason University (GMU) Department of Computer Science, Celebration & Awards Dinner, Fairfax, VA.
2012-04-19 Open Source Software: U.S. Government and Security Rensselaer Polytechnic Institute (RPI), Troy, NY
2012-04-12 The State of Open Source in the Federal IT Landscape FOSS4G North America 2012, Washington, DC
2011-11-09..11 Keynote ApacheCon North America 2011, Vancouver, British Columbia, Canada
2011-09-22 Security and Open Source Software Open Source Software and the Military Health System, Virginia Tech Research Center, Arlington, VA
2011-08-30.. 2011-09-01 Open Source Software Military Open Source Software (MIL-OSS) WG3, Atlanta, GA
2011-08-23 Open Source Software (OSS) and Total Cost of Ownership (TCO) Government Open Source Conference (GOSCON) 2011, part of Innovation Nation 2011, Washington Convention Center, Washington, DC. My talk on financial issues followed Dr. Alan Greenspan — talk about pressure! The tagline was "Shake IT up"; an earthquake halted the conference early, so I guess they really meant it.
2011-04-06 Open Source Software and the DoD FLOSS Weekly #160, an interview of me by Randal Schwartz and Simon Phipps
2011-03-29 Open Source Software: What is possible? NASA Open Source Summit 2011, Ames Research Center, Mountain View, CA. O'Reilly Radar posted a summary.
2011-03-23 Open Source Software (Look at the Numbers!) Palmetto Open Source Software Conference (POSSCON) 2011, Columbia, SC
2010-08-02..05 Open Source Software and Security MIL-OSS 2010, Washington, DC
2010-06-26 Open Source Software CENDI, the Law Library of Congress, and the Federal Library and Information Center Committee Open Source Software and Copyright: Legal and Business Considerations for Government Use, Library of Congress, Madison Building, Washington, DC
2010-06-15 Expert Witness on "Planning for the Future of Cyber Attack Attribution" U.S. House of Representatives, Committee on Science & Technology, Subcommittee on Technology & Innovation [transcript] [report] [picture]
2010-04-24..26 Open Source Software and Security (includes some info on Open Proofs) [ODP] [PDF] Free/Open Source Software Technologies (FOSST), King Abdulaziz City for Science and Technology (KACST), Riyadh, Saudi Arabia
2009-11-23 Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) Innovation Hall room 105, George Mason University (GMU), Fairfax, VA
2009-11-05 Open Source Software. GOSCON, Ronald Reagan Building and International Trade Center, Washington, DC.
2009-08-12..13 Open Source Software panel discussion, open proofs Mil-OSS, Atlanta, GA.
2009-06-18 Open Source Software panel discussion NRO CTO conference (panel discussion along with Dan Risacher (DoD), Michael Tiemann (Red Hat), and John Scott)
2008-09-24 Software Assurance and Open Source Software FASTER group, National Coordination Office (NCO) for Networking and Information Technology Research and Development (NITRD). NCO/NITRD is the primary mechanism by which the U.S. Government coordinates its unclassified networking and information technology (IT) research and development (R&D) investments.
2008-08-08 Open Proofs Defense BarCamp
2008-06-12 Securing Open Source Software [ODP] OWASP (Northern Virginia), Herndon, VA
2008-05-07 Securing Open Source Software 8th Semi-Annual Software Assurance Forum, May 6-8, 2008, Sheraton Premiere, Tyson's Corner in Vienna, Virginia.
2008-02-11 Open Source Software and the DoD Data & Analysis Center for Software (DACS) series. "Open source software (OSS) has become widespread, but there are many misconceptions about it - resulting in numerous missed opportunities. This presentation will clarify what OSS is (and isn't), rebut common misunderstandings about OSS, discuss the relationship of OSS and security, discuss how to find and evaluate OSS, and explain OSS licensing (including how to combine products and select a license). It will show why nearly all extant OSS is COTS software, and thus why it's illegal (as well as foolish) to ignore OSS options."
2007-12-11..12 (1) OSS Licensing and (2) Security and Open Systems / Open Source 3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems
2007-07-23 What's Ahead for OSS and DoD The Open Group, Real-time and Embedded Systems Forum, Austin, TX
2007-03-14 Open Source Software (OSS) [for government acquisitions] [PDF] [ODF] [PPT] [OGG] [MP3] [FLAC] [As text] Open Source - Open Standards - Open Architecture: DoD Open Technology Development and Open Source Geospatial Software by the non-profit Association for Enterprise Integration (AFEI), a member of the National Defense Industrial Association (NDIA) family of associations. Held at the Hyatt Hotel Crystal City, Arlington, VA. I was the only person on the panel who wasn't directly employed by the U.S. government. My presentation appears to have inspired a Navy policy memo on OSS.
2006-12-12 FLOSS and Software Assurance / Security Towards a Transparent Acquisition Marketplace for Increased Mission Agility with Open Technology Development, sponsored by the U.S. GSA. Held at the National Science Foundation (NSF) in Rosslyn, VA. An organizer said, "Thank you for your superb presentation and contribution."
2006-07-12 "Open Standards and Security (and OpenDocument too)" Columbia LUG. HP building, 8890 McGaw Rd Ste 100, Columbia, MD.
2006-07-08 Free-Libre/Open Source Software (FLOSS) and Security NovaLUG. Washington Technology Park/CSC (formerly Dyncorp), 15000 Conference Center Drive, Chantilly, VA.
2006-05-17, 19:00 "FLOSS and security." DCLUG. 2025 M Street NW, Washington DC.
2006-04-26, 14:00 Open source software and security (plenary speaker) The Open Group's "Architecting to the Edge" conference. Hilton Crystal City, Crystal City, Arlington, VA. Allen Brown (CEO and President) wrote, "The Washington meeting was one of our best-attended conferences ever... We couldn't have have made it one of our most successful events without your participation, contribution and confidence".
2006-04-04 Open Standards and Security [ODF] [OGG] [MP3] [FLAC] LinuxWorld 2006's "Government Day" focusing on open standards, Boston, MA. See my commentary. NewsForge reported on my talk, saying: "Of all the speakers I heard, two really made me sit up and pay attention... [one was David Wheeler, who] spoke in parables to illustrate just what open standards are and why they are important for IT infrastructure security... Through this talk I began to see how base standards in hardware and software could allow vendor innovation while preventing vendor lock-in."
2006-03-02 Countering Trusting Trust through Diverse Double-Compiling George Mason University (GMU), Fairfax, VA. (An interactive lecture about my ACSAC paper.)
2005-12-05 Countering Trusting Trust through Diverse Double-Compiling Annual Computer Security Applications Conference (ACSAC 2005), Tucson, Arizona. I describe and discuss a new approach to counters the "uncounterable" Trusting Trust attack, including an experiment that shows it works. Lots of people noticed this paper; Bruce Schneier even has a lengthy article about my paper, saying, "This [Trusting Trust] attack has long been part of the lore of computer security, and everyone knows that there's no defense. And that makes this paper by David A. Wheeler so interesting."
2005-10-11..12 Session Lead, Tools Open Web Application Security Project (OWASP) Application Security (AppSec) 2005 conference, NIST, Maryland
2005-06-03 "Why Free-libre / Open Source Software? Look at the Numbers!" "6th International Free Software Forum" / Fórum Internacional Software Livre (FISL) Porto Alegre, Brazil. My travelogue of FISL 2005 in Porto Alegre, Brazil got a lot of press, including a prominent citation in Groklaw. (The paper "Why OSS/FS? Look at the Numbers!" is also available.)
2004-10-27 "Security and Open Source Software". "Open Source Enterprise Solutions Conference" of the Tech Council of Maryland, Rockville, Maryland. My blog entry on this Tech Council of Maryland talk has more information. Interestingly, a large number of FLOSS security projects (both commercial and non-commercial) are based on Maryland.
2004-04-07 (Interview) "How useful are 'proprietary vs. open source' TCO studies?" by Robin 'Roblimo' Miller NewsForge
2004-03-16 "Open source software and security" Open Source in Government Conference 2004 (sponsored by the U.S. General Services Administration (GSA) and The Center of Open Source & Government of George Washington University), Washington, DC. My blog entry has more info.
2004-03-11 "Evaluating OSS/FS Programs." At the conference "You Paid What? A Workshop On Full Cost Accounting Methodology For Information Technology Projects In The Public Sector", Ottawa, Canada.
2004-02-03 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" Web-enabled Government conference, Ronald Reagan building, Washington, DC (a repeat of the very successful LinuxWorld January 2004 panel).
2004-01-22 "What Should Governments Examine in Acquiring COTS Open Source Software (OSS)?" LinuxWorld, New York City's Javits center. Blog entry.
2003-12-11 Security, Open Source, and Ada (Keynote speaker) SIGAda 2003, San Diego, CA.
2003-02-20, 19:00 Secure Programming for Linux and Unix HOWTO University of Baltimore, Baltimore, MD.
2002-08 "Under the Brim Interview with David A. Wheeler" by Jeremy Hogan "Under the Brim" (Red Hat's electronic magazine)
2002-02-16 Secure Programming for Linux and Unix HOWTO Free and Open Source Software Developers' European Meeting (FOSDEM 2002) conference, Brussels, Belgium. See my FOSDEM 2002 Travelogue.
2001-12-25 "David A. Wheeler's interview" FOSDEM 2002 interviews (these were interviews of people who were scheduled to speak at FOSDEM 2002)
2000-02-28 Linux Security Interview with David A. Wheeler by Brittany Day

Locations are in the United States of America (USA) unless otherwise noted.

I've given other public presentations besides these, but haven't gotten around to listing them.

Feel free to see my home page at